Client-server networking is a distributed application architecture that partitions tasks or work loads between service providers (servers) and service requesters (clients). This kind of network communication is not necessarily secure. In order to have a secure communication in the client-server set up, many researchers and organizations incorporate methods such as public key based cryptography, identity based cryptography and the like.
A strong password-based Authentication Key Exchange (PAKE) was patented by Bollovin and Merritte in 1993. It is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge of a password. Later, Stanford University patented Secure Remote Protocol (SRP) that was used for a new password authentication and key-exchange mechanism over an untrusted network. Then, Sun Microsystems came up with an implementation of the Elliptic Curve Cryptography (ECC) technology which was well integrated into the Open SSL-Certificate Authority. This code enabled secure TLS/SSL handshakes using the Elliptic curve based cipher suites.
Other works done in this field:
U.S. Pat. No. 6,477,254 granted to Seiji Miyazaki and Kazuo Takaragi provides a data encryption and decryption method which includes an encryption step and a decryption step. In the encryption step, there are prepared n pairs of secret keys and public keys in a public-key cryptographic scheme, where n is a positive integer. A new key is generated in accordance with at least one of the public keys. Data is encrypted in a common-key cryptographic scheme by use of the new key. There is prepared a (k, n) threshold logic (k is an integer equal to or less than n) having terms associated with the new key and the n public keys. A calculation of the threshold logic is conducted by use of the new key and the n public keys, and encrypted data and a result of the calculation of the threshold logic are stored. In the decryption step, the new key is restored from k secret keys selected from the n secret keys and the stored result of the threshold logic calculation in accordance with a threshold reverse logic corresponding to the threshold logic and stored data is decrypted by the restored key in the common-key cryptographic scheme. The focus of the U.S. Pat. No. 6,477,254 is on providing a data encryption and decryption method that includes the steps of data encryption and data decryption respectively. The data encryption step further includes ‘n’ pairs of secret keys and public keys and generating a new key using at least two of the generated public keys.
U.S. Pat. No. 7,673,141 granted to Roger Kilian-Kehr et al provides a system for providing secured access to an application service. The system envisaged by the U.S. Pat. No. 7,673,141 includes a challenge provider that uses a first cryptographic technique to provide a challenge to a client seeking access to an application service. The client uses a second cryptographic technique to generate a response, and provides the response to an authentication service. The authentication service grants the client access to the application service only if the challenge and response are authenticated using a first authentication technique complementary to the first cryptographic technique and a second authentication technique complementary to the second cryptographic technique, respectively.
United States Patent Application 2008069338 filed by Robert Relyea provides a computer system and a method for verifying a location factor associated with the token (client). The token receives an encrypted challenge from a server. The encrypted challenge is encrypted by a key commonly shared by the server and the token. The token then decrypts the encrypted challenge by the commonly shared key and manipulates the challenge by a predetermined elliptic curve cryptography (ECC) procedure to obtain a manipulated challenge. The token returns a signed manipulated challenge and an ECC public key to the server as a reply to the challenge. The server receives the signed manipulated challenge and verifies that the signed manipulated challenge was actually generated at the token based upon the ECC public key. In case of the US Patent Application No. 2008069338 the client receives an encrypted challenge from the server, the challenge is encrypted using a key that is known to both the client and the server (public key).
United States Patent Application 2009003597 filed by Alexander Gantman et al provides a method and apparatus with means for use in authentication between two entities having agreed on the use of a common modulus N. The method envisaged by US Patent Application No. 2009003597 comprises the steps of, generating a pseudorandom string value from an input value; generating a first public key value based on the modulus N and the pseudorandom string value; generating a first private key value corresponding to the first public key value; receiving a second public key value; and generating a shared secret value based on the modulus N, the first private key value and the second public key value; determining the authentication signature using the shared secret value and transmitting the said authentication signature. The system envisaged by the US Patent Application No. 2009003597 makes use of the key generation unit to generate the first public key and the first private key. The system further makes use of a receiver unit to receive a second public key value and a secret key generation unit to generate a secret shared key value.
United States Patent Application 2010211779 filed by Ganapathy S. Sundaram provides a key agreement protocol between a first party and a second party. According to the US Patent Application No. 2010211779, a random key component is generated, encrypted by the first party (server) and sent to the second party (client). The random key part is encrypted using the public key of the second party. Accordingly the second party receives the random key component sent from the first party, and in addition to receiving the first random key component the second party generates the second key component. At the client end (at the second party), the first key component and the second key component are encrypted to form a random encrypted key component pair. So generated random key component pair is encrypted and transmitted from the second party (client) to the first party (server). Upon receiving the encrypted random key component pair from the second party, the server or the first party sends an encrypted second random key component to the second party and the key to be used in all the subsequent communication between the client and the server are computed and decided at the first party (server) based on the second random key component. The focus of the US Patent Application No. 2010211779 is on providing an identity based encryption scheme.
U.S. Pat. No. 7,549,044 granted to Lane W. Lee provides a block-level storage device which has been configured to implement a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key. The focus of the U.S. Pat. No. 7,549,044 is on providing a digital rights management system. In case of the system envisaged by the U.S. Pat. No. 7,549,044 the secure session key itself is encrypted and subsequently decrypted in order to ensure a secured communication between the storage device and the client.
Chinese Patent Application 1444168 filed by Zhu Huafei discloses creating an elliptic curve public key certificate based on the probability of asymmetric encryption method. The system envisaged by the Chinese Patent Application No. 1444168 further includes making use of the principles of anti-collision hash functions, public key encryption system and public key certificate scheme in order to facilitate secured communication between the client and the server. The present invention is dissimilar from the system envisaged by the Chinese Patent Application No. 1444168 in that it provides certificateless public key infrastructure. Even though the Chinese Patent Application discloses making use of elliptic curve cryptography (ECC), the major dissimilarity lies in the fact that the present invention makes use of certificateless public key infrastructure whereas the Chinese Patent Application discloses using a certificate based public key infrastructure.
The disadvantages associated with the systems proposed by the prior art and related art patent documents are that all of the above approaches are implemented on certificate-based public key cryptography and the identity-based cryptography techniques. These cryptography methods face costly and complex key management problems and the key escrow problem in the real-life deployment. Recently, the certificateless public key cryptography (CL-PKC) was introduced to address these problems, which have not been solved fully. Typically, CL-PKC uses bilinear pairings and inverse operations which would slowdown the performance of the system.
Hence, there was felt a need for a cost and time effective system which is based on certificateless public key cryptosystem but does not make use of the principle of bilinear pairing.